As business travel picks up, cybersecurity threats are becoming a growing concern for travellers. Photo Credit: Adobe Stock/bongkarn
A study by application security company Indusface reveals that 70% of business travellers have encountered cyber-attacks, highlighting the risks faced by professionals carrying sensitive data while on the move. This comes amid a 19% increase in business travel compared to the previous year.
Experts have raised concerns over the growing number of cybercriminals targeting business travellers through a variety of tactics aimed at stealing confidential information. The risks posed by weak cybersecurity practices — such as using unsecured Wi-Fi networks and inadequate data protection — are significant, as these practices leave business data exposed.
Venky Sundar, founder and president of Indusface, highlighted key risks and offered guidance for businesses to protect their travelling employees. One major vulnerability lies in the use of unsecured public Wi-Fi networks, which are commonly found in locations such as airports, hotels, and cafes. Cybercriminals can easily exploit these networks to access sensitive data.
The biggest cyber threats to business travellers
Unsecure Wi-Fi networks: Sundar also advises businesses to implement strict policies on the use of public Wi-Fi, recommending that employees always connect via Virtual Private Networks (VPNs) or, where possible, avoid public Wi-Fi altogether. "It's important to also disable auto-connect settings and consider the use of business-funded mobile hotspots," he said.
Device theft or loss: Device theft or loss is an additional concern for travellers. According to Sundar, 80% of business travellers have reported losing or forgetting their devices, with only 40% managing to recover them. To mitigate these risks, businesses can consider implementing secure device-handling policies, encourage employees to keep devices in their possession at all times and explore options such as smart luggage and remote device management solutions.
Unsecured mobile apps: The reliance on mobile devices is another risk area, as many business travellers use personal smartphones for work-related activities. This opens the door to the use of unsecured apps that may not provide end-to-end encryption. "Mobile app penetration testing is essential to identify vulnerabilities that could compromise sensitive business data," Sundar added.
Fake charging stations: Additionally, the phenomenon of ‘juice jacking’, where cybercriminals use compromised USB charging ports to steal data or install malware, is prevalent in public spaces like airports and cafes. Using USB data blockers or portable chargers are a great to circumvent such risks, as it allows users to avoid relying on public charging stations altogether.
Shared or publicly accessible devices: The use of shared or public devices presents another major cybersecurity risk. Sharing devices can result in saved passwords, browsing history, and other sensitive information becoming accessible to malicious actors. Addressing this, Sundar suggests that employees avoid sharing devices when possible. If sharing is unavoidable, he advises that they never save passwords and avoid using the device for sensitive tasks.